Linux Kernel x86_64 LDT Buffer Overflow May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID: 1020544
SecurityTracker URL: http://securitytracker.com/id?1020544
CVE Reference: CVE-2008-3247
Date: Jul 24 2008
Impact: Denial of service via local system, Root access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 2.6.25.x prior to 2.6.25.11
Description: A vulnerability was reported in the Linux kernel. A local user can cause denial of service conditions and may be able to obtain elevated privileges.
A local user can trigger a Local Descriptor Table buffer overflow on x86_64 systems to potentially execute arbitrary code with kernel level privileges.
Impact: A local user may be able to execute arbitrary code with kernel level privileges.
A local user can cause denial of service conditions on the target system.
Solution: The vendor has issued a fixed version (2.6.25.11).
The vendor's advisory is available at:
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.11
Vendor URL: www.kernel.org/
Cause: Boundary error
Underlying OS: Linux (Caldera/SCO), Linux (Conectiva), Linux (Debian), Linux (EnGarde), Linux (Gentoo), Linux (HP Secure OS), Linux (Immunix), Linux (Mandriva/Mandrake), Linux (Progeny Debian), Linux (Red Hat Enterprise), Linux (Red Hat Fedora), Linux (Red Hat Linux), Linux (SGI), Linux (Slackware), Linux (Sun), Linux (SuSE), Linux (Trustix), Linux (Turbo Linux), Linux (Ubuntu), Linux (Xandros)
Message History:
None.
Source Message Contents
Date: Thu, 24 Jul 2008 08:41:11 -0400
Subject: Linux Kernel
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.11
SUSE wrote:
CVE-2008-3247: On x86_64 systems, an incorrect buffer size in LDT
handling might lead to local untrusted attackers causing a crash
of the machine or potentially executing code with kernel privileges.
This problem only affects the openSUSE 11.0 kernel, since the problem
was introduced in the 2.6.25 kernel.